Skip to main content

CVE-2025-7528: Stack-based Buffer Overflow in Tenda FH1202

High
VulnerabilityCVE-2025-7528cvecve-2025-7528
Published: Sun Jul 13 2025 (07/13/2025, 11:32:06 UTC)
Source: CVE Database V5
Vendor/Project: Tenda
Product: FH1202

Description

A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AILast updated: 07/20/2025, 20:53:28 UTC

Technical Analysis

CVE-2025-7528 is a critical security vulnerability identified in the Tenda FH1202 router, specifically version 1.2.0.14(408). The flaw exists in the function fromGstDhcpSetSer located in the /goform/GstDhcpSetSer endpoint. The vulnerability arises due to improper handling of the 'dips' argument, which leads to a stack-based buffer overflow. This type of overflow occurs when data exceeding the buffer's capacity is written to the stack, potentially overwriting adjacent memory and enabling arbitrary code execution or system crashes. The vulnerability is remotely exploitable without requiring user interaction or authentication, as indicated by the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L). The attacker needs only low privileges (PR:L) to exploit this flaw. The CVSS 4.0 base score is 8.7, categorizing it as a high-severity issue. The exploit has been publicly disclosed, increasing the risk of exploitation, although no active exploitation in the wild has been reported yet. The vulnerability impacts the confidentiality, integrity, and availability of the affected device, as successful exploitation could allow attackers to execute arbitrary code, disrupt network services, or gain unauthorized access to network traffic routed through the device. The Tenda FH1202 is a consumer-grade router, and the vulnerability in its DHCP service handling makes it a critical risk for network infrastructure relying on this device. No official patches or mitigation links have been published yet, indicating that affected users must rely on interim protective measures until a vendor fix is available.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for small and medium enterprises (SMEs) and home office environments that commonly use consumer-grade routers like the Tenda FH1202. Exploitation could lead to network compromise, data interception, or denial of service, impacting business continuity and data privacy compliance under regulations such as GDPR. The ability to remotely exploit the vulnerability without user interaction or authentication means attackers can potentially target exposed devices over the internet or local networks. This could facilitate lateral movement within corporate networks or serve as an entry point for more sophisticated attacks. Given the critical nature of the flaw, organizations relying on these routers for internet connectivity or internal network routing could face severe disruptions. Additionally, the public disclosure of the exploit code increases the likelihood of opportunistic attacks targeting unpatched devices across Europe.

Mitigation Recommendations

1. Immediate network segmentation: Isolate Tenda FH1202 devices from critical network segments to limit potential lateral movement in case of compromise. 2. Disable remote management interfaces on the router to reduce exposure to external attackers. 3. Monitor network traffic for unusual DHCP requests or anomalies that could indicate exploitation attempts. 4. Implement strict access controls and firewall rules to restrict inbound traffic to the router’s management and DHCP services. 5. Regularly audit and inventory network devices to identify and replace vulnerable Tenda FH1202 units with more secure alternatives where possible. 6. Apply vendor patches promptly once released; meanwhile, consider temporary firmware downgrades if they are known to be unaffected or use alternative DHCP servers. 7. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect exploitation attempts targeting this vulnerability. 8. Educate IT staff about the vulnerability and ensure incident response plans include steps for handling potential exploitation scenarios related to this router.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-12T11:28:33.573Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68739c7ca83201eaacba27ac

Added to database: 7/13/2025, 11:46:04 AM

Last enriched: 7/20/2025, 8:53:28 PM

Last updated: 8/23/2025, 5:33:23 AM

Views: 37

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats